OpenSearch is a fork of Elasticsearch / Kibana 7.10. It is a free and open-source alternative to Elastic.co, with some security-by-default features.
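# Walkthrough: install OpenSearch 2.x and OpenSearch Dashboards from the
# official apt repositories, then manage the built-in users.
# Run the commands one at a time; the `sudo vim` steps are interactive edits.
# Paths below contain no spaces. Each command is a single command, even where
# a backslash continues it onto the next line.

# --- Install OpenSearch ---
sudo apt update && sudo apt upgrade -y
sudo apt-get update && sudo apt-get -y install lsb-release ca-certificates curl gnupg2

# Import the repository signing key into a dedicated keyring. The signed-by=
# option below scopes the key to this repository only.
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp \
  | sudo gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring

echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch/2.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/opensearch-2.x.list

# NOTE(review): newer 2.x packages expect an initial admin password in the
# OPENSEARCH_INITIAL_ADMIN_PASSWORD environment variable at install time and do
# not ship admin/admin. Check the install docs for the release you pull.
sudo apt update && sudo apt install opensearch -y

sudo vim /etc/opensearch/opensearch-security/internal_users.yml
# Change reserved: true to reserved: false (only on admin and kibanaserver;
# kibanaserver is the account referenced in opensearch_dashboards.yml).
# Optional: change the password via hash (see the hash.sh command below). This
#   is not required with reserved: false, because the password can then be
#   changed from the GUI.
# Optional: reserved: true makes the account immutable, so it can't be changed
#   from the GUI. Keep it if you need that protection.

# --- Install OpenSearch Dashboards ---
curl -o- https://artifacts.opensearch.org/publickeys/opensearch.pgp \
  | sudo gpg --dearmor --batch --yes -o /usr/share/keyrings/opensearch-keyring

echo "deb [signed-by=/usr/share/keyrings/opensearch-keyring] https://artifacts.opensearch.org/releases/bundle/opensearch-dashboards/2.x/apt stable main" \
  | sudo tee /etc/apt/sources.list.d/opensearch-dashboards-2.x.list

sudo apt update && sudo apt install opensearch-dashboards -y

sudo vim /etc/opensearch-dashboards/opensearch_dashboards.yml
# Uncomment server.port: 5601
# Uncomment server.host and change "localhost" to "0.0.0.0".
#   0.0.0.0 binds every interface, and this walkthrough reaches Dashboards over
#   plain HTTP, so logins cross the network unencrypted. Limit who can reach
#   port 5601 (firewall / security group) and change the default credentials
#   before exposing it. Front it with TLS (see "HTTPS options" below) for
#   anything beyond a lab.
# Issue: if you change the kibanaserver password in internal_users.yml, you
#   must set the same password in this file (opensearch.password), or
#   Dashboards can no longer authenticate to OpenSearch.
# Issue: do not use "!" in a password typed on the command line for the hash
#   generator. Interactive bash treats it as history expansion, so the hashed
#   value will not match the password you intended.

# --- Java: OpenSearch 2.x is Java 17 compatible ---
sudo apt install openjdk-17-jdk
# Assign first, then export, so a failing readlink/sed is not masked by export.
JAVA_HOME=$(readlink -f /usr/bin/java | sed "s:bin/java::")
export JAVA_HOME
export OPENSEARCH_JAVA_HOME="$JAVA_HOME"
java --version
echo "$JAVA_HOME"
echo "$OPENSEARCH_JAVA_HOME"

# --- Start the daemons ---
sudo systemctl daemon-reload
sudo systemctl enable opensearch
sudo systemctl start opensearch
sudo systemctl enable opensearch-dashboards
sudo systemctl start opensearch-dashboards

# --- Login (all users can now be managed from the GUI) ---
#   http://ip-of-server:5601
#   user: admin
#   pass: admin
#   manage users > management > security > internal users > delete & change passwords
# Change the admin password and delete unused demo users first: the default
# credentials are public knowledge.

# --- Verify OpenSearch works with the new password ---
# With only a user name, curl prompts for the password, which keeps it out of
# shell history and the process list.
# -k skips certificate verification. Tolerate it only against localhost with
# the demo certificates; once you install your own, replace it with --cacert.
curl -XGET -k -u admin 'https://localhost:9200/_cluster/health?pretty'

# --- HTTPS options for OpenSearch Dashboards ---
#   * nginx
#   * search guard (compatibility unclear, 7.10)
#   * Security script process.

# --- (Optional) OpenSearch security script method ---
# Generate the hash for your chosen password, then add it to internal_users.yml.
# Without -p, hash.sh prompts for the password. It then never appears in shell
# history or the process list, and "!" is not subject to history expansion.
# (Original form: hash.sh -p <new-password>)
sudo /usr/share/opensearch/plugins/opensearch-security/tools/hash.sh

# Update internal_users.yml with the new hash.
sudo vim /etc/opensearch/opensearch-security/internal_users.yml

# Push internal_users.yml into the security index.
# The certificates used here are the bundled dev certs. To generate your own:
#   https://opensearch.org/docs/latest/security/configuration/generate-certificates/
# kirk.pem / kirk-key.pem is the demo admin certificate. Its private key ships
# with the demo configuration, so anyone who can reach the cluster can act as
# security admin until these files are replaced with certificates you issued.
# -nhnv disables hostname verification and -icl ignores the cluster name; drop
# -nhnv once the node certificates carry the correct host names.
sudo /usr/share/opensearch/plugins/opensearch-security/tools/securityadmin.sh \
  -f /etc/opensearch/opensearch-security/internal_users.yml \
  -t internalusers -icl -nhnv \
  -cacert /etc/opensearch/root-ca.pem \
  -cert /etc/opensearch/kirk.pem \
  -key /etc/opensearch/kirk-key.pem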